Skill v1.0.2
ClawScan security
PR Review Loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 6:43 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with its stated purpose of iterating on GitHub PRs; it asks only for git/gh access and a GitHub token, and its instructions limit risky actions like force-pushes.
- Guidance: This skill appears to do what it says: iterate on PR comments, make fixes, run tests, and push updates. Before installing or enabling it: (1) Prefer using the host's GitHub auth (MCP/gh/git credential helper) rather than pasting a token; if you must provide GITHUB_TOKEN, scope it as narrowly as possible (repository and branch only). (2) Ensure branch protection and audit controls are in place, because the skill will rewrite history and force-push the PR head when the user requests that strategy. (3) Confirm you are comfortable with an agent having read/write access to the target repo (the skill will edit files and push commits). (4) If you want additional guardrails, require explicit user confirmation before any force-push or history rewrite, and verify that the metadata inconsistency about whether GITHUB_TOKEN is required or optional is corrected.
Review Dimensions
- Purpose & Capability (ok): Name/description (PR review loop) align with the requested binaries (git, gh) and the GitHub token. The skill's declared needs are what you'd expect for creating/updating PRs, running CI checks, and pushing commits.
- Instruction Scope (ok): SKILL.md instructs only PR-focused actions (finding/creating PRs, reading review threads, editing repository files, running tests, pushing branches, resolving threads). It explicitly forbids asking users to paste tokens or reading unrelated secret files, and requires verification of repository/branch/permissions before edits.
- Install Mechanism (ok): Instruction-only skill with no install spec or downloaded code; lowest-risk install surface.
- Credentials (note): The only credential in scope is GITHUB_TOKEN (primary). This is proportionate to the task. Note: the registry metadata shows a minor inconsistency: the top-level listing marks GITHUB_TOKEN as required, while SKILL.md/metadata describe it as optional if host auth (MCP/gh/git helper) is available. The capability requested is still appropriate, but the documentation should be consistent about whether a token is mandatory.
- Persistence & Privilege (ok): The skill is not `always: true` and is user-invocable. It allows autonomous invocation by default (platform default), but agents/openai.yaml contains an invocation guardrail. The skill's allowed operations (force-with-lease, branch-limited history rewrite) are reasonable for PR work but should be used with caution.
